Amendments to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims: 

1. (Currently Amended) An automation security system, comprising:
an asset component that defines an industrial automation device; 

an access component that defines a security attribute associated with the industrial 
automation device, the security attribute including a location attribute and a time attribute 
that grants access to the industrial automation device for a predetermined amount of time; 
and 

a security component that regulates access to the industrial automation device 
based upon the security attribute[[.]] and includes an automated security assessment
component. 

2. (Cancelled) 

3. (Cancelled) 

4. (Currently Amended) The system of claim [[3]] 1, the security component is based
on at least one of automation and process control security, cryptography, and 
Authentication/ Authorization/ Accounting (AAA). 

5. (Currently Amended) The system of claim 1, the asset component describes at least
one of factory components and groupings, the factory components are at least one of
sensors, actuators, controllers, I/O modules, communications modules, [[and]] or
human-machine interface (HMI) devices.

6. (Currently Amended) The system of claim 5, the groupings include factory
components that are grouped into at least one of machines, machines grouped into lines, 
[[and]] or lines grouped into facilities. 

7. (Original) The system of claim 5, the groupings have associated severity attributes 
such as at least one of risk and security incident cost. 

8. (Original) The system of claim 7, further comprising an ISA S95 Model for 
Enterprise to Control System Integration to integrate security aspects across or within 
respective groupings. 

9. (Previously presented) The system of claim 1, further comprising a set of generic
IT components and specifies parameters to assemble and configure the IT components to 
achieve flexible access to the industrial automation device. 

10. (Currently Amended) The system of claim 9, the IT components include at least 
one of switches with virtual local area network (VLAN) capability, routers with access 
list capability, firewalls, virtual private network (VPN) termination devices, intrusion 
detection systems, AAA servers, configuration tools, [[and]] or monitoring tools. 

11. (Original) The system of claim 1, further comprising security parameters and
policies that are developed for physical and electronic security for various component 
types. 

12. (Currently Amended) The system of claim 11, the security parameters and
policies further comprising at least one of security protection levels, identification entry 
capabilities, integrity algorithms, [[and]] or privacy algorithms. 

13. (Currently Amended) The system of claim 1, the security component includes at 
least one of authentication software, virus detection, intrusion detection, authorization 
software, attack detection, protocol checker, [[and]] or encryption software. 

14. (Currently Amended) The system of claim 13, the security component at least one
of acts as an intermediary between an access system and one or more automation 
components, [[and]] or facilitates communications between the access system and the one 
or more automation components. 

15. (Currently Amended) The system of claim [[2]] 1, the security attributes are
specified as part of a network request to gain access to the at least one industrial 
automation device, the security attributes included in at least one of a group, set, subset, 
[[and]] or class. 

16. (Original) The system of claim 15, the security component employs at least one 
authentication procedure and an authorization procedure to process the network request. 

17. (Currently Amended) The system of claim 16, further comprising one or more 
security protocols including at least one of Internet Protocol Security (IPSec), Kerberos, 
Diffie-Hellman exchange, Internet Key Exchange (IKE), digital certificate, pre-shared 
key, [[and]] or encrypted password, to process the network request. 

18. (Currently Amended) The system of claim 15, further comprising at least one of 
an access key [[and]] or a security switch to control network access to a device or 
network. 

19. (Currently Amended) The system of claim 18, the access key further comprises 
at least one of time, location, batch, process, program, calendar, or GPS (Global 
Positioning Information) to specify local and wireless network locations, to control 
access to the device or network. 

20. (Currently Amended) An automation security system, comprising: 
a server that manages a network interface between networked industrial
automation devices and other devices attempting access to the networked industrial 
automation devices; and 

a security management module associated with the network interface that enforces 
an enterprise wide policy and that manages security threats directed to the networked 
industrial automation devices, the enterprise wide policy including a location attribute 
and a time attribute that limits access to the networked industrial automation devices to 
certain time periods[[.]], and utilizes the results of automated security threat analysis.

21. (Currently Amended) The system of claim 20, the security management module at
least one of schedules audits, establishes a security policy, applies the policy from a 
single or distributed console, [[and]] or generates reports that identify potential 
weaknesses in security. 

22. (Currently Amended) The system of claim 20, the security management module 
provides an interface to at least one of add, delete [[and]] or modify security rights of an 
individual, a group, or a device [[and]] or distribute security information to various 
controllers and control devices. 

23. (Currently Amended) The system of claim 20, further comprising at least one of: 
an authentication with the server to establish a secure link; 

a secure link to authenticate and authorize access to a requestor of the networked 
industrial automation device; [[and]] or 

establishment of a secure session with the requestor if access is authorized. 

24. (Currently Amended) An automation security methodology, comprising: 

electronically analyzing an industrial automation device; 

programmatically modeling the industrial automation device in accordance with 
network security considerations, the network considerations include a location attribute 
and a time attribute that controls if and how long network access is granted to the 
industrial automation device; and 

automatically developing a security framework for an automation system based
in part on the modeling of the industrial automation device, [[and]] a network access
type[[.]] and at least one of a formal threat analysis, a vulnerability analysis, a factory 
topology mapping, or an attack tree analysis to determine whether access should be 
granted to the industrial automation device. 

25. (Cancelled) 

26. (Currently Amended) The method of claim 2[[5]]4, the one or more security 
attributes further comprise at least one of a role, an asset type, a location, a time, [[and]] 
or an access type. 

27. (Currently Amended) The method of claim 24, further comprising at least one of: 
determining whether to grant access to the industrial automation device; 
granting access from the industrial automation device; [[and]] or 

granting access from a network device associated with the industrial automation
device.

28. (Currently Amended) An automated security system for an industrial control 
environment, comprising: 

means for defining one or more security attributes associated with at least one 
network request, the security attributes include at least one of: 
a location attribute, 
a time attribute, 
a role attribute, [[and]] or 
an access type attribute; 
means for processing the one or more security attributes; 
means for automatically determining which network devices require security 
resources based on at least one of a formal threat analysis, a vulnerability analysis, a 
factory topology mapping, or an attack tree analysis; and 

means for controlling access to at least one of a network device [[and]] or the
industrial automation component based in part on the one or more security attributes. 

29. (Currently Amended) A security schema for a factory automation system, 
comprising: 

a first data field that describes industrial automation devices; 

a second data field that describes security parameters for the industrial 
automation devices, the security parameters including a location attribute and a time 
attribute that enables access to the industrial automation devices for a specified time and 
attributes stemming from the results of automated security risk analysis; and

a schema that associates the first and second data fields, the schema employed 
to limit access to the industrial automation devices based upon the security parameters. 

30. (Currently Amended) The system of claim 29, the schema including at least one 
of an access role, an asset type, an access type, time information, address information, 
[[and]] or location information. 

31. (Original) The system of claim 29, further comprising a response schema to
provide status to a requesting network device. 

32. (Currently Amended) The system of claim 31, the response schema including at
least one of a status field, a time field, an access type field, an access location field, 
[[and]] or a key field. 

33. (Original) The system of claim 31, the response schema including an attachment
field to indicate other security data follows the response schema. 